Effective Date: October 15, 2018
Your privacy is very important to us. Please read below to see how Strava handles information in connection with Strava’s websites and the related mobile applications and services (collectively, the “Services”). Before we get to the details, here are a few of our fundamental privacy principles:
- Strava is a social platform and information you upload or post to Strava may be publicly viewable and searchable by Strava members and non-members.
- We aggregate certain information about our members’ use of the Services for business purposes and we sometimes publish that information or share it with others.
- We give you several ways to control what information is shared with others and the public and are continuously working to enhance privacy options available to you.
Strava is headquartered in San Francisco and our Services are provided to you by Strava, Inc. If you are a resident of the European Union (“EU”), Strava, Inc. is the controller of your personal data for the purposes of EU data protection law.
208 Utah Street
San Francisco, CA 94103
Information Strava Collects
Strava collects information about you, including information that directly or indirectly identifies you, if you or your other members choose to share it with Strava. We receive information in a few different ways, including when you track, complete or upload activities using the Services. Strava also collects information about how you use the Services. There are also several opportunities for you to share information about yourself, your friends, and your activities with Strava. For example:
- We collect basic account information such as your name, email address, date of birth, gender, username and password that helps secure and provide you with access to our Services.
- Profile, activity and use information is collected about you when you choose to upload a picture, activity (including date, time and geo-location information as well as your speed and pace) or post, join a challenge, add your equipment usage, view others’ activities, or otherwise use the Services.
- You can choose to add your contacts’ information by connecting your contacts from your mobile device or social networking accounts to Strava. If you choose to share your contacts with Strava, Strava will, in accordance with your instructions, access and store your contacts’ information in order to identify connections and help you connect with them. Learn more about how we collect information about your contacts, how we use that information, and the controls available to you.
- Strava collects information from devices and apps you connect to Strava. For example, you may connect your Garmin watch or Flywheel account to Strava and information from these devices and apps will be passed along to Strava.
- Strava may collect or infer health information. Certain health information may be inferred from sources such as heart rate or other information about your perceived exertion, including power, cadence, height and weight or other indicators. Before you can upload health information to Strava, you must give your explicit consent to the processing of that health information by Strava. You can withdraw your consent to Strava processing your health information at any time.
- We gather information from the photos, posts, comments, kudos and other content you share on the Services, including when you participate in partner events or create segments or routes.
- When you make a payment on Strava, you may provide payment information such as your payment card or other payment details. We use Payment Card Industry compliant third-party payment services and we do not store your credit card information.
- We collect and process location information when you sign up for and use the Services. For example, to record your run or ride and to provide you with your training statistics and inclusion in the Service’s features (for example, the leaderboard for a route), it is necessary to collect and record the physical location of your device including, data such as speed and direction. You can tell us about important locations, such as your home or work address, by enabling a Privacy Zone in your settings. We will make private any portion of your activity that starts or ends in your Privacy Zone. Processing of your location data is essential to the Services which we provide and a necessary part of our performance of the agreement we have with you.
- Strava allows you to sign up and log in to the Services using accounts you create with third-party products and services, such as Facebook or Google (collectively, “Third-Party Accounts”). If you access the Services with Third-Party Accounts we will collect information that you have agreed to make available such as your name, email address, profile information and preferences with the applicable Third-Party Account. This information is collected by the Third-Party Account provider and is provided to Strava under their privacy policies. You can generally control the information that we receive from these sources using the privacy controls in your Third-Party Account.
- To help us to provide you with the best possible service, you can choose to provide us with your contact information so we can better respond to your support requests and comments.
- We also obtain additional third party information about our members from marketers, partners, researchers, and others. We may combine information that we collect from you with information obtained from other members, third parties and information derived from any other subscription, product, or service we provide. We may also collect information about you from other members such as when they give you kudos or comment on your activities.
- The Services use log files. The information stored in those files includes IP addresses, browser type, internet service provider (ISP), referring/exit pages, platform type, date/time stamp, and number of clicks. This information is used to analyze trends, administer, protect and secure the Services, track member movement in the aggregate, and gather broad demographic information for aggregate use. IP addresses, may be linked to session IDs, athlete IDs and device identifiers.
How Strava Uses Information
Strava uses the information we collect and receive to administer and operate the Services and to customize them for you. For example, we use your heart rate information to provide you with interesting and useful performance analysis. Subject to your privacy controls, your information, including your profile, username, photos, members you follow and who follow you, clubs you belong to, your activities, the devices you use, and kudos and comments you give and receive will be shared on Strava so that you may be able to participate in the Services, for example to show your place on a leaderboard. Certain information (e.g., your name and some profile information) may also be available to non-members on the web. Your precise location information, such as a route or segment, may also be shared on Strava or to non-members, in accordance with your privacy controls.
We use the information we collect about you, your followers, and your activities to customize your experience. We also use the information we collect to process payments, provide support related to the Services, protect members and enforce our Terms of Service, promote safety, and to communicate with you (including to send marketing communications) where you have agreed to receive such messages and notifications.
We also use the information we collect to analyze, develop and improve the Services. To do this, Strava may use third party analytics providers to gain insights into how our Services are used and to help us improve the Services.
We may also use the information we collect to market and promote the Services, activities on Strava, and other commercial products or services. This includes customizing your Strava experience. For example, if we know that you like to run, we may tell you about new running activities or show you sponsored content related to running. If we see that you run in a certain area, we may suggest a race in that area. We may also mention that you have used our partners’ products or services as part of your activities, which we refer to as Sponsored Integrations.
Strava may aggregate the information you and others make available in connection with the Services and post it publicly or share it with third parties. To do this, we remove certain account information, such as your name, and combine the resulting information with similar information from other Strava athletes. Examples of the type of information we may aggregate in this way include information about equipment, usage, demographics, routes and performance. Strava may use, sell, license, and share this information with third parties for research, business or other purposes such as to improve walking, running or riding in cities via Strava Metro or to help our partners understand more about athletes, including the people who use their products and services. Strava also uses aggregated data to generate our Global Heatmap. Please visit your privacy controls if you object to Strava using your information for these purposes. Because the data we aggregate comes from activities, information, and content you shared on the Services and which is identified with your Strava user name among other information, someone looking at both this information you’ve shared and also the global heatmap, could draw a potential connection.
How We Protect Information
We take several measures to safeguard the collection, transmission and storage of the data we collect. Although we strive to employ reasonable protections for your information that are appropriate to its sensitivity, we do not guarantee or warrant the security of the information you share with us and we are not responsible for the theft, destruction, loss or inadvertent disclosure of your information or content. No system is 100% secure. The Services use industry standard Secure Sockets Layer (SSL) technology to allow for the encryption of personal information and credit card numbers. Strava engages providers that are industry leaders in online security, including Services verification, to strengthen the security of our Services. The Services are registered with site identification authorities so that your browser can confirm Strava’s identity before any personal information is sent. In addition, Strava’s secure servers protect this information using advanced firewall technology.
To help ensure that these measures are effective in preventing unauthorized access to your private information, you should be aware of the security features available to you through your browser. You should use a security-enabled browser to submit your credit card information and other personal information at the Services. Please note that if you do not use a SSL-capable browser, you are at risk for having data intercepted.
Most browsers have the ability to notify you if you change between secure and insecure communications, receive invalid services identification information for the Services you are communicating with, or send information over an unsecured connection. Strava recommends that you enable these browser functions to help ensure that your communications are secure. You can also monitor the URL of the services you are visiting (secure URLs begin with https:// rather than http://), along with the security symbol of your browser to help identify when you are communicating with a secure server. You can also view the details of the security certificate of the services to which you are connected. Please check the validity of any Services you connect to using secure communications.
While Strava continues to work hard to protect your personal information, no data transmission over the Internet can be guaranteed to be absolutely secure, and Strava cannot ensure or warrant the security of any information you transmit to Strava. Transmitting personal information is done at your own risk.
Managing Your Settings
Strava offers several features and settings to help you manage your privacy and how you share your activities. Most privacy controls are located in your privacy controls page, but some are specific to individual activities or athletes. Strava provides you the option to make your activities private. Click here to manage your privacy controls.
Adjust Notification and Email Preferences
Updating Account Information
You may correct, amend or update profile or account information at any time by adjusting that information in your account settings. If you need further assistance correcting inaccurate information, please contact Strava at https://support.strava.com. Strava will generally respond to your request within 10-14 business days.
Deleting Information and Accounts
To request that your account is deleted, click here. Once deleted, your data, including your account, activities and place on leaderboards cannot be reinstated.
Note that content you have shared with others, such as photos, or that others have copied may also remain visible after you have deleted your account or deleted specific information from your own profile. Your public profile may be displayed in search engine results until the search engine refreshes its cache.
Strava also provides you the option to remove individual activities you have posted from view on the Services without deleting your account. The activities will typically remain on Strava’s systems. Please contact Strava at https://support.strava.com if you would like to restore the visibility of an individual activity.
EU Members’ Rights
If you are habitually located in the European Union, you have the right to access, rectify, download or erase your information, as well as the right to restrict and object to certain processing of your information. While some of these rights apply generally, certain rights apply only in certain limited circumstances. We describe these rights below:
Access and Porting
You can access much of your information by logging into your account. If you require additional access or if you are not a Strava member, contact us at https://support.strava.com. Click here to download a copy of your data.
Rectify, Restrict, Limit, Delete
You can also rectify, restrict, limit or delete much of your information by logging into your account, such as to edit your profile, delete photos you have posted, remove individual activities from view, or delete your account. If you are unable to do this, please contact us at https://support.strava.com. Strava will generally respond to your request within 10-14 business days.
Where we process your information based on our legitimate interests explained above, you can object to this processing in certain circumstances. In such cases, we will cease processing your information unless we have compelling legitimate grounds to continue processing or where it is needed for legal reasons.
Where you have previously provided your consent, such as to permit us to process health-related data about you, you have the right to withdraw your consent to the processing of your information at any time. For example, you can withdraw your consent by updating your settings. In certain cases, we may continue to process your information after you have withdrawn consent if we have a legal basis to do so or if your withdrawal of consent was limited to certain processing activities.
Should you wish to raise a concern about our use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local supervisory authority.
The Services are operated from the United States. If you are located outside of the United States and choose to use the Services or provide information to us, you acknowledge and understand that your information will be transferred, processed and stored in the United States, as it is necessary to provide the Services and perform the Terms of Service. United States privacy laws may not be as protective as those in your jurisdiction.
Retention of Information
Information about you that is no longer necessary and relevant to provide our Services may be de-identified or aggregated with other non-personal data to provide insights which are commercially valuable to Strava, such as statistics of the use of the Services. For example, we may retain publicly available segments or routes and other depersonalized geolocation information to continue to improve the Services and we use aggregated information in Strava Metro and our Global Heatmap. This information will be de-associated with your name and other identifiers.
Other Strava Sites
Strava maintains certain websites that can be accessed outside of https://strava.com, such as https://blog.strava.com (the “Other Sites”). The Other Sites maintain the look and feel of the Services, but are hosted by outside service providers with their own terms and privacy policies. If you interact with the Other Sites, your information may be stored, processed, or shared outside of the Services. If you interact with the Other Sites, you acknowledge that you may be subject to the terms and conditions and policies applicable to such Other Site. Please be aware that any personal information you submit to the Other Sites may be read, collected, or used by other users of these forums indefinitely, and could be used to send you unsolicited messages. Strava is not responsible for the personal information you choose to submit via the Other Sites.
© 2018 Strava